Cartes America - Secure ID: Fraud and ID Management Part 1 Track Personal Identity Verification (PIV) Case Study within the TSCP Community Keith Ward TSCP Inc. President & CEO May 14, 2014

Upload: kent

Post on 26-Feb-2016


Page 1: Cartes  America  - Secure ID: Fraud and ID Management   Part  1  Track Personal Identity Verification (PIV)  Case  Study  within  the  TSCP Community

Cartes America - Secure ID: Fraud and ID Management Part 1 Track

Personal Identity Verification (PIV) Case Study within the TSCP Community

Keith Ward
TSCP Inc.
President & CEO
May 14, 2014


What is TSCP?

• A government-industry partnership focused on mitigating the risks, complexity and cost of IT inherent in large-scale, collaborative programs that span national jurisdictions. TSCP provides:

  • Influence to drive a common approach and specifications
  • Efficiency of working together on a common problem
  • Lower costs of development and implementation – leverage common solutions
  • Requirements, architecture, prototypes, deployed capabilities.

• TSCP member companies have invested over $400M into internal federated systems using TSCP’s common operating rules and specifications.

• TSCP, the Transglobal Secure Collaboration Program, was established in 2002. TSCP is a non-profit 501(c)(6) technical association.

Common Framework for Federated Collaboration

Key focus is on providing the mechanism and governance for:

• Trust. The digital identities of member companies’ and governments’ users can be trusted by others.

• Identity Assurance. A trusted authority assures that its users with cross-certified-enabled digital identities are who they say they are.

• Interoperability through Federation. Member companies and credentials are interoperable across the industry and government.

PAGE 2 | TSCP


What Does TSCP Do?

* Where relevant, TSCP specifications comply with FICAM/PIV-I specifications and guidelines.

SPECIFICATIONS DEVELOPMENT.* Develops common specifications for secure collaboration solutions across the TSCP membership that align to government requirements. The specifications fall into these categories:

• Secure information exchange
• Identity credentials/digital identities and attributes
• Federated identity
• Information assurance
• Data labeling and protection

VALIDATION THROUGH REFERENCE LAB. Before TSCP publishes its specifications, the capability is in production with two or more members.

GOVERNANCE. Establishes policy and governance for TSCP Solutions.

• Interoperable Identity Federation Trust Framework
• Common Operating Rules
• Legal Framework & Allocation of Liabilities
• Accreditation & Trustmark

FEDERATED HUB. Hosts a Federated Hub for TSCP Membership that enables secure collaboration between TSCP membership and government customers.


Same Smart Card Technology – Different Applications

Illustrative Banking Smart Card

• Secure chip stores payment information
• Chip card authentication prevents counterfeiting
• Adds cardholder verification methods
• Offers online or offline authorization

PIV-I Smart Card

• Secure chip stores strong identity information, e.g. in-person vetting, biometrics
• PKI certificates and 3DES encryption prevent cyber threats
• Adds cardholder verification methods: PIN and chip, and biometrics verification
• Offers logical and physical as well as online and offline authorization


TSCP Trust Framework: Bank Card Analogy

Bank(s): Issue Visa credit cards to customers.
TSCP Member IdP(s): Issue identities/credentials to users.

Retailer Acquirers: Customers present Visa cards for payment. Retailers transmit payment requests to the bank/card issuer through Visa.
Agency Relying Parties: Users present member credentials to agency applications; RPs transmit authentication requests to IdPs through TSCP.

Bank card network: Routes payment requests and responses between banks and retailers. Visa conducts settlement.
TSCP federation: Routes authentication requests and responses between RPs and IdPs.

GOVERNANCE: Establishes and enforces standards, specifications and operating rules.

[Diagram labels: UK MOD; Federal PKI Bridge; Direct Bilateral Trust]


TSCP Trust Framework and Specifications

[Diagram: Illustrative Secure Messaging Platform. Labels: TSCP Trust Framework; TSCP Trustmark; Authorization; Authentication; Message Security; Secure Messaging Networking Layer; Secure Messaging Communications Layer; Secure Messaging Applications/Services Layer; Federated Authentication Service; Identity Provider Services; Secure E-Mail/Messaging (Hosted); Secure Document Management/Archiving; Secure/Anonymous Shipping; Secure Online Payment Interface; Secure Mail & Package Tracking; Secure Address Validation; Secure G2C, B2B Communications; TSCP Federation Framework & Specifications & Hub; TSCP Secure E-Mail Specification; TSCP Attribute Management/Data Labeling Specification; TSCP PIV-I Specification; TSCP Trust Framework, Common Operating Rules & Governance Documents]


Use Case 1: Multi-Layer Security across the enterprise

Multi-layered approach to provide additional security layers across our networks, systems, facilities, data, intellectual property and information assets.

[Diagram labels: Remote & Desktop Login; Credential & Rights Management; Network Controls; Building Access; Corporate Access Card User; Local or Remote User; Host-Based Intrusion Protection Systems; Strong Authentication – PIV-I Credentials; Credential Management – Centralized Public Key Infrastructure; Global A&D Supply Chain; Commercial Industry Base; User and Privilege Management – Automated Provisioning; Data Monitoring & Protection Systems; TSCP Common Operating Rules]

IdAM (People, Process, Technology):

• Access Control
• Identity Management
• Provisioning
• Identity Repositories
• Transformed Business Processes
• Responsibility Changes
• Permissions Model
• Organizational Changes
• Training
• Compliance Monitoring
• Identity Management
• Permissions Management
• Resource Management

IDAM applications: Internet / Intranet; Web Portals; Live Link; Directory Services; SharePoint / Site Minder; SAP / People Soft; Email Services

Use Case 2: PIV-I into Adjacent Markets: Financial & Retail Sectors

[Diagram labels: B2G; B2B; C2B]


Use Case 3: PIV-I into adjacent markets: Business Continuity Information Sharing Initiative

• Private Sector Information is Sensitive and needs to be Secured
• Media can misinterpret fleet movement and cause public concern
• Gangs track fleet movement and can steal copper/supplies from hotel lots where fleets park overnight
• Others can intervene and cause unneeded delays and/or commandeer fleets as in Katrina
• Need to share PS Fleet Data & Info w/State EMs, DOTs, Police, other agencies at regional/national levels
• Need info from Government to make operational decisions to expedite power restoration efforts at regional level
• Ultimate solution must:
  • Be trusted, proven and simple
  • Allow state/local government agencies to participate
  • Standards based, scalable in size, adaptable to each organization
  • Must use Trusted Credentials
  • Must have a Trust Framework Model for all entities to legally participate
  • Must have strong security controls


Use Case 3: TSCP Trust Framework PIV-I Information Sharing

[Diagram: PIV-I Information Sharing Exchange Cloud Environment. Labels: Data Providers; Data Consumers; EOC; Identity Claims Providers; Commercial Identity Providers; State Government Identity Providers; TSCP Trust Framework; PIV-I Data Access Controls; PIV-I GIS Layer Access; ILHDSIF]


Next Steps – Bridge the Gap!

[Diagram labels: PIV-I Smart Card; Banking Smart Card]

The higher-level credentials represent over ~40M users.

TSCP is looking for applications, technologies and solutions to Bridge the Gap!


TSCP Fall Collaboration Workshop

Join the International Leaders in Secure Collaboration

We're proud to announce an expanded multi-track conference program for this year's Trusted Cyber Collaboration Workshop. We'll be covering every aspect of secure information sharing and the speaker schedule, including over 50 expert presenters, is coming together now. Take a look at the seven tracks below. More information is forthcoming, but we’re offering an Early Bird discount rate for those who respond by June. Get up to $280 off a 3-Day pass. Register online--it only takes 2 minutes. There's no risk--you can cancel anytime before Sep. 5 for a 100% refund.

Conference Tracks—Thursday, September 25

Federated Information Sharing: Identity federation is the foundation of secure collaboration--where the rubber meets the road. In this track you'll survey a wide range of real-world implementations between governments, industry and the public.

Cybersecurity: Organizations continue to redefine the components of cyber security, in response to evolving threats. Detection and monitoring have improved, while one foundational element has remained critical: The need for trusted identities for secure authentication and authorization, particularly through the federation model. We’ll look at the latest policies, innovations and implementations of trusted identities.

Mobile and Derived Credentials: Mobile and derived credentials create new opportunities for collaboration and new challenges for secure information sharing. These sessions will include case studies and best practices that will help you to securely make the move to mobile environments, such as smart phones and tablets.

Government-Private Partnership Exercises: In an emergency situation, secure access and identity management enables faster power and supply chain restoration efforts. This track will present specific efforts toward enhanced business continuity and results from "Integrated Planning" programs between critical infrastructure owners and operators along with state, local, and federal governments.

Conference Tracks—Friday, September 26

Securing the Supply Chain: New DFARS provisions impose security requirements for Unclassified Controlled Technical Information. Improved identity and access management can help address these requirements, and secure the supply chain. We’ll review progress on the FAR final rule. This will be an indispensable overview for contractors and suppliers operating

Cornerstone of Cybersecurity: Secure, cost-effective identity and access management requires a strategic look at identity assurance and personal attributes, and their role in cybersecurity. We’ll explore the business model that maximizes efficiencies and competition, and how to supply the amount of information that is “just right” to support the decision at hand. These sessions, presented by leading experts, will focus on the key issues of liability, privacy

Trans-Global Partnerships: Global collaboration requires automated, standards-based security infrastructures that apply controls consistently to shared data across organizations, governments, and continents. See how highly successful organizations manage these partnerships efficiently and comply with data security requirements around intellectual

TSCP Appreciation Reception & Dinner: Relax and network with colleagues at the Udvar Center Air and Space Museum.

Pre-Workshop Day-Long Focused Seminars: Arrive a day before the TSCP Workshops for a dedicated, focused seminar. Complete details will be posted soon.

For more information please visit www.tscp.org


Questions?

TSCP Inc.
Keith Ward
8000 Towers Crescent Drive, Suite 1350
Vienna, VA 22182
Phone: (703) 760-7898
Email: [email protected]
www.tscp.org